Command netsh Missing Scenario "netconnection"

TJwillians74 1 Reputation point
2022-03-18T18:14:05.01+00:00

I have a question about netsh scenarios. I'm trying to run the following command:

netsh trace start scenario=netconnection capture=yes report=yes overwrite=yes persistent=yes traceFile=C:\filename.etl maxsize=1024 fileMode=circular 

But it tells me 'netconnection' is not a valid scenario.

These are what's available for scenarios:

netsh trace>show scenarios

Available scenarios (8):
-------------------------------------------------------------------
AddressAcquisitionServer : Troubleshoot address acquisition server related issues
DirectAccess             : Troubleshoot DirectAccess related issues
FileSharing              : Troubleshoot common file and printer sharing problems
InternetClient           : Diagnose web connectivity issues
InternetServer           : Set of HTTP service counters
NDIS                     : Troubleshoot network adapter related issues
Virtualization           : Troubleshoot network connectivity issues in virtualization environment
WFP-IPsec                : Troubleshoot Windows Filtering Platform and IPsec related issues

I know I've used scenario=netconnection before, although I'm not sure on what OS. I'm running this command now on Server 2019 Core. I'm not sure if there is a workaround or if I should just use the NDIS or Virtualization scenario instead. If I use no scenario, I assume it captures everything?


1 answer

  1. Gary Nebbett 5,721 Reputation points
    2022-03-19T09:40:45.617+00:00

    Hello @TJwillians74,

    If you omit the scenario then your "netsh trace" command will just capture the network traffic; the events generated by other Event Tracing for Windows (ETW) providers will not be included in the trace file.

    The list of scenarios is obtained by querying the registry; the list of scenarios on a Windows 11 client includes the NetConnection scenario.

    A scenario is just a list of additional ETW providers (with associated keywords and levels) - you can trace the same data by just listing the ETW providers in the "netsh trace" command.

    Which additional providers, present in the NetConnection scenario, are of particular use to you? How do you analyse the resulting trace file?

    Gary

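The approach described in the answer above, as an added example that is not part of the original thread: build the "netsh trace start" command from an explicit ETW provider list when the scenario is missing. The function name New-NetshTraceArgs is hypothetical, and the provider entries are constructed samples, not the contents of the NetConnection scenario; copy the real names, keywords and levels from "netsh trace show scenario NetConnection" on a machine that has the scenario.

```powershell
# Constructed sample list, NOT the NetConnection scenario's provider list.
# Keywords is optional; add e.g. Keywords = '<mask from the scenario listing>'.
$providers = @(
    @{ Name = 'Microsoft-Windows-TCPIP';       Level = 4 },
    @{ Name = 'Microsoft-Windows-DNS-Client';  Level = 4 },
    @{ Name = 'Microsoft-Windows-Dhcp-Client'; Level = 4 }
)

function New-NetshTraceArgs {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [hashtable[]] $Providers,
        [Parameter(Mandatory)] [string] $TraceFile,
        [int] $MaxSizeMB = 1024
    )
    # Names of the manifest-registered ETW providers on this machine.
    $session   = [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession
    $installed = @($session.GetProviderNames())

    # Same capture options as the command in the question, minus scenario=.
    $netshArgs = @('trace', 'start', 'capture=yes', 'report=yes',
                   'overwrite=yes', 'persistent=yes', "traceFile=$TraceFile",
                   "maxsize=$MaxSizeMB", 'fileMode=circular')

    foreach ($p in $Providers) {
        # A machine that lacks the scenario may lack some providers too.
        if ($installed -notcontains $p.Name) {
            Write-Warning "Provider '$($p.Name)' is not registered here; skipped."
            continue
        }
        # keywords= and level= apply to the provider= they follow.
        $netshArgs += "provider=$($p.Name)"
        if ($p.ContainsKey('Keywords')) { $netshArgs += "keywords=$($p.Keywords)" }
        if ($p.ContainsKey('Level'))    { $netshArgs += "level=$($p.Level)" }
    }
    $netshArgs
}

$netshArgs = New-NetshTraceArgs -Providers $providers -TraceFile 'C:\filename.etl'
"netsh $($netshArgs -join ' ')"   # print the command for review
& netsh @netshArgs                # start the trace (elevated prompt required)
# ... reproduce the problem, then:
# & netsh trace stop
```

Because persistent=yes is kept from the question's command, the trace resumes after a reboot until "netsh trace stop" is run.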